Streamline launching new nodes.

* launch/README: More clarity on Jenkins slave example, and additional levels of cut-n-pasteability on the DNS record creation example. Also switch from requiring root to expecting to be run from a normal account with sudo access and membership in the puppet group. * launch/launch-node.py: Default to assuming the certname is the same as the node FQDN, if it isn't overridden via command-line option. Change-Id: I9c987055b18e084983f2459fe01598837e1ebcc6 Reviewed-on: https://review.openstack.org/20645 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-01-28 21:50:37 +00:00 · 2013-01-28 21:50:37 +00:00 · 168b11398a
commit 168b11398a
parent f8edec9929
2 changed files with 41 additions and 24 deletions
--- a/launch/README
+++ b/launch/README
@ -1,29 +1,42 @@
-Note that these instructions assume commands will be run in a full
-root environment::
+Note that these instructions assume you're working from this
+directory on an updated local clone of the repository, and that
+your account is a member of the puppet group for access to the
+puppet keys::

-  sudo su -
+  sudo adduser YOURUSER puppet
+
+(Remember to log out and back into your shell if you add yourself
+to a group.)

 To launch a node in the OpenStack CI account (production servers)::

+  export FQDN=servername.openstack.org
  . ~root/ci-launch/openstackci-rs-nova.sh
+  sudo puppet cert generate $FQDN
+  ./launch-node.py $FQDN

 To launch a node in the OpenStack Jenkins account (slave nodes)::

+  export FQDN=slavename.slave.openstack.org
+  export CERT=slavetype.slave.openstack.org
+  export IMAGE='Ubuntu 12.10 (Quantal Quetzal)'
+  export RAM=2048
  . ~root/ci-launch/openstackjenkins-rs-nova.sh
-
-Then::
-
-  puppet cert generate servername.openstack.org
-  ./launch-node.py servername.openstack.org --cert servername.openstack.org.pem
+  sudo puppet cert generate $CERT
+  ./launch-node.py $FQDN --cert $CERT.pem --image "$IMAGE" --ram $RAM

 If you are launching a replacement server, you may skip the generate
 step and specify the name of an existing puppet cert (as long as the
 private key is on this host).

-The server name and cert names may be different.
+The server name and cert names may be different (as in the Jenkins
+slave example), but launch-node.py will assume they are the same
+unless specified.

 Manually add the hostname to DNS (the launch script does not do so
-automatically).
+automatically). Note that this example assumes you've already
+exported a relevant FQDN and sourced the appropriate API credentials
+above.

 DNS
 ===
@ -37,17 +50,16 @@ URL should be satisfied by sourcing the "openstackci-rs-nova.sh"
 script (or jenkins, as appropriate).

  . ~root/rackdns-venv/bin/activate
-  . ~root/ci-launch/openstackci-rs-nova.sh

-  export SERVERNAME=server
-  nova list | grep "| $SERVERNAME\.openstack\.org "
-  export IPV6ADDR=dead:beef::cafe
-  export IPV4ADDR=123.45.67.89
-  export UUID=fedcba98-7654-3210-0123-456789abcdef
+  TEMPFILE=$(tempfile)
+  nova list | grep "| $FQDN " | sed 's/^| \([0-9a-f-]\+\) .* public=\([0-9a-f:]\+\), \([0-9\.]\+\);.*/export UUID="\1"\nexport IPV6="\2"\nexport IPV4="\3"/' > $TEMPFILE
+  cat $TEMPFILE
+  . $TEMPFILE
+  rm $TEMPFILE

-  rackdns rdns-create --name $SERVERNAME.openstack.org --data $IPV6ADDR --server-href https://$os_region_name.servers.api.rackspacecloud.com/v2/$OS_TENANT_NAME/servers/$UUID --ttl 300
-  rackdns rdns-create --name $SERVERNAME.openstack.org --data $IPV4ADDR --server-href https://$os_region_name.servers.api.rackspacecloud.com/v2/$OS_TENANT_NAME/servers/$UUID --ttl 300
+  rackdns rdns-create --name $FQDN --data "$IPV6" --server-href https://$os_region_name.servers.api.rackspacecloud.com/v2/$OS_TENANT_NAME/servers/"$UUID" --ttl 300
+  rackdns rdns-create --name $FQDN --data "$IPV4" --server-href https://$os_region_name.servers.api.rackspacecloud.com/v2/$OS_TENANT_NAME/servers/"$UUID" --ttl 300

-  . openstack-rs-nova.sh
-  rackdns record-create --name $SERVERNAME.openstack.org --type AAAA --data $IPV6ADDR --ttl 300 openstack.org
-  rackdns record-create --name $SERVERNAME.openstack.org --type A --data $IPV4ADDR --ttl 300 openstack.org
+  . ~root/ci-launch/openstack-rs-nova.sh
+  rackdns record-create --name $FQDN --type AAAA --data "$IPV6" --ttl 300 openstack.org
+  rackdns record-create --name $FQDN --type A --data "$IPV4" --ttl 300 openstack.org
--- a/launch/launch-node.py
+++ b/launch/launch-node.py
@ -151,15 +151,20 @@ def main():
    parser.add_argument("--environment", dest="environment",
                        default="production",
                        help="puppet environment name")
-    parser.add_argument("--cert", dest="cert", required=True,
+    parser.add_argument("--cert", dest="cert",
                        help="name of signed puppet certificate file (e.g., "
                        "hostname.example.com.pem)")
    options = parser.parse_args()

    client = get_client()

+    if options.cert:
+        cert = options.cert
+    else:
+        cert = options.name + ".pem"
+
    if not os.path.exists(os.path.join("/var/lib/puppet/ssl/private_keys",
-                                       options.cert)):
+                                       cert)):
        raise Exception("Please specify the name of a signed puppet cert.")

    flavors = [f for f in client.flavors.list() if f.ram >= options.ram]
@ -187,7 +192,7 @@ def main():
    image = images[0]
    print "Found image", image

-    build_server(client, options.name, image, flavor, options.cert, options.environment)
+    build_server(client, options.name, image, flavor, cert, options.environment)

 if __name__ == '__main__':
    main()